General
-
Target
2024-05-19_f74c2e10bb9eefb5be197fb68b7d932b_wannacry
-
Size
3.4MB
-
Sample
240519-b26cgabg4s
-
MD5
f74c2e10bb9eefb5be197fb68b7d932b
-
SHA1
ab6d13ef0500d461fa47705b06162084f6619161
-
SHA256
bc65b72845162f580a84445198de843057812f87ca316941f56c866b351882f9
-
SHA512
7a77bd4ca60ba4afad4c1ba5244ee71ac88b91f1d9d3e5267dccba968ae6da0563444ee9db6ed1b566f8f4ed797b78ef86309afb17601c09bde15574ae355f0a
-
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3r:QqPe1Cxcxk3ZAEUadzR8yc4gb
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-19_f74c2e10bb9eefb5be197fb68b7d932b_wannacry.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
2024-05-19_f74c2e10bb9eefb5be197fb68b7d932b_wannacry.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
-
Target
2024-05-19_f74c2e10bb9eefb5be197fb68b7d932b_wannacry
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder